Loading...
 
Print

VAST Challenge 2013: Mini-Challenge 3


Background photo by _Untitled-1 (Flickr)


Background

Big Marketing is an international marketing company employing a large staff of marketing executives who create and manage advertising and public relations campaigns for clients. Big Marketing has an internet research staff that stays current on the latest business, consumer and entertainment trends, searches for new markets, and comes up with ways to make Big Marketing’s clients stand out from the crowd. In addition, Big Marketing operates web sites for selected clients.

You work as the Big Marketing computer network manager, ensuring that Big Marketing networks are up and running for both the Internet-facing web services and the internal workforce. This responsibility encompasses the full range of maintaining current operations, planning for future needs, and securing and defending network assets against threats.

Mini-Challenge Questions

In this VAST Challenge 2013 Mini-Challenge, your job is to understand events taking place on your networks over a two week period. To support your mission, your choice of visual analytics should support near real-time situation awareness. In other words, as network manager, your goal for your department is to notice network events as quickly as possible.

MC3.1 – Provide a timeline (i.e., events organized in chronological order) of the notable events that occur in Big Marketing’s computer networks for the supplied data. Use all data at your disposal to identify up to twelve events and describe them to the extent possible. Your answer should be no more than 1000 words long and may contain up to twelve images.

MC3.2 – Speculate on one or more narratives that describe the events on the network. Provide a list of analytic hypotheses and/or unanswered questions about the notable events. In other words, if you were to hand off your timeline to an analyst who will conduct further investigation, what confirmations and/or answers would you like to see in their report back to you? Your answer should be no more than 300 words long and may contain up to three additional images.

MC3.3 – Describe the role that your visual analytics played in enabling discovery of the notable events in MC3.1. Describe whether your visual analytics play a role in formulating the questions in MC3.2. Your answer should be no more than 300 words long and may contain up to three additional images.

Data Sources

The data under investigation spans a two week period. Data for both weeks is now available.

You have four sources of data and information at your disposal in order to characterize what is happening on the network:
  1. Network description
  2. Network flow data (netflow data)
  3. Network health and status data (Big Brother data)
  4. Intrusion Protection System data.
  5. Questions to the Big Marketing corporate office

1. Network Description.
The Big Marketing network description for Week 1 is included with the Answer Sheet and Data Descriptions download. The updated network description reflecting the network configuration in Week 2 is included in the Week 2 Supplementary Data Descriptions download.

Organizationally, Big Marketing consists of three different branches, each with around 400 employees and its own web servers.

All Big Marketing workstations and servers sit behind a firewall, including the web servers that the company operates for their clients. The customers of Big Marketing’s clients visit theses web servers regularly.

2. Network flow data.
Network flow data captures, to the extent feasible, the traffic moving across the network. Big Marketing captures network flow at the firewall, so transactions that go from Big Marketing to the internet, or come from the internet into Big Marketing, are captured.

In network flow data, a series of messages between two computers is combined into a single flow record. Records appear for each session where the handshake between the two computers is completed. While each flow record includes a source and destination IP, the designation of source and destination are not guaranteed to be correct. In a situation where the flow collector did not catch the initial transaction in a flow, and sees the response as the first transaction, the destination IP may be labeled as the source IP, and vice versa.

A detailed description of the network flow data is included in the Answer Sheet and Data Descriptions download.

3. Network health and status data.
A commercial network health monitoring program called Big Brother is installed on the network. Approximately every five minutes, each workstation and server sends a status update. The data format and further details are included with the Answer Sheet and Data Descriptions download.

4. Intrusion Protection System data.
For week 2, intrusion protection system (IPS) log data is also available. An IPS monitors and logs network activities. When it identifies apparently malicious activity, the IPS attempts to block or prevent the activity.

A detailed description of the IPS data is included in the Week 2 Supplementary Data Descriptions download.

5. Additional Questions.
As reflected in the netflow and Big Brother data, computer logs often do not contain the complete details needed to understand the event. As you notice events occur in Big Marketing networks, you may wish to consult other data sources to supplement your understanding. In this Mini-Challenge, you have a few opportunities to ask questions about items seen in the provided data. If the Big Marketing corporate office and/or the network analysts on your team have additional insight relevant to your question, you will receive an answer.

This method of expanding your analysis is optional and limited. You do not have to ask any questions. If you do choose to ask questions, you may ask at most five questions. Be aware that the phrasing and specificity of your questions is very important. If you ask a well-formed question, your analysts or the corporate office might be able to dig up some related information. However, it is also possible that no additional information is available. In spite of their best efforts to help with an investigation, additional information simply might not exist.

The procedure for asking questions is as follows:
  1. Register your team by sending an email to VASTChalMC3@vacommunity.org that identifies your institution and the point of contact for your entry. You must complete this step before asking any questions.
  2. To ask a question, send the question in an email to VASTChalMC3@vacommunity.org. Please include only one question per email. Responses will be sent within three business days.
  3. After your quota of five questions has been answered, no further questions will be acknowledged.

Download the Datasets, Entry Forms, and Documentation


Enter your email address below to download the datasets, entry forms, and documentation.


Submission Instructions

Deadline

All entries must be submitted by July 8, 2013, by 11:59pm PDT. Any entry received after that time will not accepted.

If problems are detected with your entry (such as exceeding word, image, or video limits), the primary point of contact for the entry will be contacted to rectify the entry. These changes must be received no later than July 11. If the entry is not received by this time or the detected problems have not been rectified then the entry will not be accepted for the Challenge.

Required Materials

The following material is required for your submission. Each of these materials is described in greater detail below.
  1. An entry form
  2. A five-minute video
You also have the option to submit a two-page paper summarizing your entry. The due date for this paper is August 15, 2013.

Entry Form

An answer form is required for each entry. The entry form is included in the MC3 download package.

Complete the form as follows:
  1. The entry form can be edited with Microsoft Word or other word processors. Rename the entry form file to “index.htm”. Make sure to leave the form in “.htm” format.
  2. Name your entry using a composite of your team’s organization, primary contact's last name, and the challenge you are entering. For example, for a submission from the University of Maryland for Mini-Challenge 3, from a team led by Dr. Jones, please use UMD-Jones-MC3.
  3. Provide a list of team members, their affiliation, and email addresses. Provide a Primary Contact under your list of team members. The primary contact must be responsive to emails to handle all questions and communications related to the submission. If your team took advantage of the opportunity to ask questions, please indicate the point of contact for the questions and answers.
  4. Please indicate if this is a student team. A student team is defined as one led by a student and worked on by students. Class projects are good examples of submissions that would be provided by student teams.
  5. Provide a list of analytic tools used. Commercially available tools like Tableau or SAS can be mentioned by name. For tools not commercially available, please provide a tool name, developer name (or a company name), and any links to the tool that can provide us more information about it. For tools developed by the submitting team, additional information such as where it was developed (e.g., "SPINVIZ was developed by the University of West Birmingham CS 459 Information Visualization class, taught Spring 2011 by Dr. Smith, and adapted by the student team for the challenge.")
  6. Provide a link to your explanatory video. Please verify the link is active throughout the contest period, as it may be downloaded at various times by different VAST Challenge committee members and reviewers.
  7. Indicate whether you give your permission for your submission to be posted in the publicly-accessible Visual Analytics Benchmark Repository.
  8. Provide a link to your explanatory video. If size permits, please include this video in your electronic submission package. If not, please post it on the internet and provide a link. Please verify the link is active throughout the contest period, as it may be downloaded at various times by different VAST Challenge Committee members and reviewers. If you do not have a site on which you can post your video, please contact vast_challenge at ieeevis.org to discuss other approaches.
  9. Provide your answers to the challenge questions in the sections provided.

Video

All entries are required to include a five minute video with voice narration. One video must be provided for each mini-challenge entered. The video should be in .wmv format. Please contact the chairs at vast_challenge@ieeevis.org if you have questions concerning the video.

The video is your chance to fully explain your entry. Some tips for creating a video include:
  • Give a clear explanation of only those aspects of the tool that you used.
  • Give a clear explanation of your starting point for analysis and how you selected it
  • If there is a choice of visualizations to use explain why one was selected.
  • Give an explanation of how the visualization helped in the analysis.
  • If filters or transformation are applied, explain what was used and in what sequence they were applied.
  • If there are anomalies in a visualization, explain how they are factored into the analysis.
  • Give a careful definition of subjective terms used such as “uncertainty.”
  • Describe any important assumptions you made.

Two-Page Summaries

Participants will be invited to publish two page summaries of their submission in the Conference Proceedings. These summaries allow the contestant to give a general overview of their approach and tools, significantly highlight novel features, provide references to papers and other relevant work and describe any new discoveries made about tools while working through the Challenge problem.

The two-page summary must be formatted according to the general IEEE VGTC Guidelines. They are submitted separately from your entry, and are due about a month after the entry deadline.

Packaging and Submitting Your Entry

  1. For each challenge we provide an answer form. Rename this form to "index.htm" and save it on your local computer. Use this form to provide your answers either by adding text to the form itself or by linking to the separate files you need to provide.
  2. Create a folder on your computer with the same name as your entry name. Save the completed entry form (index.htm), your video, and your other images in this folder as well. The index.htm file should contain link to your video. Use relative links so they will still work when your materials are moved to another folder.
  3. Zip the entire directory and save it in a file using the same entry name, for example, UMD-Jones-MC3.zip. If your zip file is greater than 50 MB in size, please post your video or other large materials on the internet instead of including it in your zip file. The submission system can only accept files smaller than 50 MB.

IEEE VAST Challenge 2013 uses the Precision Conference System (PCS) to handle the submission and reviewing process. PCS is available at https://precisionconference.com/~vgtc/. If you do not already have a login for the system you must register first. Once you are logged into your account please choose VAST 2013 Challenge under “new submissions” and follow the instructions.

Forum

Please post questions about the mini-challenge on the MC3 Forum. This forum is moderated, so your question will be reviewed prior to displaying it here. You may also contact vast_challenge@ieeevis.org for questions.


Page last modified on Wednesday, February 26, 2014

Print